Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-j225-cvw7-qrx7: PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

ghsa
#git

PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

Moderate severity GitHub Reviewed Published Jan 5, 2024 to the GitHub Advisory Database • Updated Jan 5, 2024

Related news

Red Hat Security Advisory 2024-2010-03

Red Hat Security Advisory 2024-2010-03 - An update is now available for Red Hat Satellite 6.15. The release contains a new version of Satellite and important security fixes for various components. Issues addressed include HTTP request smuggling, crlf injection, denial of service, file disclosure, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1155-03

Red Hat Security Advisory 2024-1155-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-1057-03

Red Hat Security Advisory 2024-1057-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include crlf injection and denial of service vulnerabilities.

Ubuntu Security Notice USN-6595-1

Ubuntu Security Notice 6595-1 - It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information.